Swinburne University Hit by RansomHub Ransomware Attack in 2024

Incident Date: Aug 30, 2024

Attack Overview
Victim: Swinburne University of Technology
Industry: Education
Location: Australia
Attacker: RansomHub
First reported: August 30, 2024

RansomHub Ransomware Attack on Swinburne University of Technology

In August 2024, Swinburne University of Technology's Sarawak Campus in Malaysia was targeted by the ransomware group RansomHub. The attack resulted in the theft of sensitive data, including passport scans, letters of completion, and student applications. The university promptly notified the Computer Emergency Response Team (CERT) of Malaysia’s National Cyber Security Agency and took swift action to contain the breach.

About Swinburne University of Technology

Swinburne University of Technology, established in 1908, is a prominent educational institution located in Melbourne, Australia. Known for its focus on innovation, research, and industry engagement, the university offers a wide range of undergraduate and postgraduate programs. It operates multiple campuses, including those in Hawthorn, Croydon, Wantirna, and Sarawak, Malaysia. The university employs between 1,001 and 5,000 staff members and serves a large, diverse student body.

Attack Overview

The ransomware attack on Swinburne's Sarawak Campus was orchestrated by RansomHub, a Ransomware-as-a-Service (RaaS) group. The attack led to the theft of sensitive data, although the core business systems were fully recovered without further disruption. Swinburne Sarawak is collaborating with specialists to conduct forensic investigations to ascertain the full extent of the breach. The university clarified that its IT systems are distinct from those of its Australian campuses, which were not impacted by the incident.

About RansomHub

RansomHub emerged in February 2024 as a successor to the Cyclops and Knight ransomware variants. The group is known for its speed and efficiency, using advanced data exfiltration techniques and intermittent encryption to minimize encryption time while maintaining impact. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group targets large enterprises with valuable data, focusing on sectors such as healthcare, financial services, and government.

Penetration Methods

RansomHub's affiliates likely penetrated Swinburne's systems through a combination of phishing campaigns and exploiting unpatched vulnerabilities. The group's ransomware is optimized to encrypt large datasets quickly and targets a wide range of cross-platform systems, including Windows, Linux, and ESXi. By leveraging zero-day vulnerabilities and advanced obfuscation techniques, RansomHub effectively evades detection and delivers swift results.
